Post not yet marked as solved
Hello,
we implemented Apple Sign-In in our website long ago, and it worked well.
Recently we have found a strange behaviour.
The first time we make the request to the /auth/token endpoint we get an invalid_client error.
Our client id is com.spicysparks.service.id
If we make a request another time with exactly the same data it works fine.
We noticed we get this error only when we try a newly generated client secret for the first time.
Post not yet marked as solved
We are trying to integrate "Sign in with Apple" and are facing an issue where all users who chose to use Apple's private relay with the hide my email feature are unable to receive any mail sent by us.
We have added our domain, mail from domain & email address to https://developer.apple.com/account/resources/services/configure and also verified the SPF. We also have DKIM setup.
We use SES as our email provider and have added its SPF as recommended aswell.
I have attached a sample delivery log from SES below.
{"notificationType":"Delivery","mail":{"timestamp":"2024-01-17T10:20:07.592Z","source":"\"Redacted\" <admin@redacted>","sourceArn":"arn:aws:ses:ap-south-1:redacted:identity/redacted","sourceIp":"34.redacted","callerIdentity":"redacted-ses","sendingAccountId":"redacted","messageId":"redacted","destination":["redacted@privaterelay.appleid.com"]},"delivery":{"timestamp":"2024-01-17T10:20:12.385Z","processingTimeMillis":4793,"recipients":["redacted@privaterelay.appleid.com"],"smtpResponse":"250 2.0.0 Ok: queued as redacted","remoteMtaIp":"redacted","reportingMTA":"redacted.smtp-out.ap-south-1.amazonses.com"}}
Post not yet marked as solved
We are Integrating SSO with Apple with our application Coordle, but facing the issue.
When user click on "SignUp with Apple" button, at that time the facing error is "Your request could not be completed due to an error. Please try again later"
Can you help us on this ?
I have attached a ss.
Post not yet marked as solved
I'm trying to set up Sign In With Apple on my .NET 7 Web App (Not sure how many people here use this). I followed the guide by Scott Brady here: https://www.scottbrady91.com/openid-connect/implementing-sign-in-with-apple-in-aspnet-core
It reaches Apple Sign In OK, authenticates, and passes back to my server, but the callback responds with this error.
OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
Googling hasn't helped much, other than I saw a post saying to wait 48 hours, which I have now done (not that that makes sense anyway).
Any idea whats been done wrong? Code below, replacing sensitive data.
Startup.cs
.AddOpenIdConnect("apple", async options =>
{
options.Authority = "https://appleid.apple.com"; // disco doc: https://appleid.apple.com/.well-known/openid-configuration
options.ClientId = "com.rackemapp.applelogin"; // Service ID
options.CallbackPath = "/signin-apple"; // corresponding to your redirect URI
options.ResponseType = "code id_token"; // hybrid flow due to lack of PKCE support
options.ResponseMode = "form_post"; // form post due to prevent PII in the URL
options.UsePkce = false; // apple does not currently support PKCE (April 2021)
options.DisableTelemetry = true;
options.Scope.Clear(); // apple does not support the profile scope
options.Scope.Add("openid");
options.Scope.Add("email");
options.Scope.Add("name");
options.Events.OnAuthorizationCodeReceived = context =>
{
context.TokenEndpointRequest.ClientSecret = AppleTokenGenerator.CreateNewToken();
return Task.CompletedTask;
};
});
Apple Token Generator
public static class AppleTokenGenerator
{
public static string CreateNewToken()
{
const string iss = "[MyTeamId]"; // your account's team ID found in the dev portal
const string aud = "https://appleid.apple.com";
const string sub = "com.rackemapp.applelogin"; // same as client_id
var now = DateTime.UtcNow;
// contents of your .p8 file
const string privateKey = "[MyKey]";
var ecdsa = ECDsa.Create();
ecdsa?.ImportPkcs8PrivateKey(Convert.FromBase64String(privateKey), out _);
var handler = new JsonWebTokenHandler();
return handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = iss,
Audience = aud,
Claims = new Dictionary<string, object> { { "sub", sub } },
Expires = now.AddMinutes(5), // expiry can be a maximum of 6 months - generate one per request or re-use until expiration
IssuedAt = now,
NotBefore = now,
SigningCredentials = new SigningCredentials(new ECDsaSecurityKey(ecdsa), SecurityAlgorithms.EcdsaSha256)
});
}
}
Also attached, images of my keys and setp in developer portal
Post not yet marked as solved
I'm having a problem with Apple recognizing my redirect url as valid. when making requests for user sign in through firebase.
I used this tutorial to create a serviceID and private key, which I then setup on my end with firebase.
Steps taken
Create serviceID
Tied to primary app ID that is configured for sign in with Apple
Added domains for firebase hosted site
Added return url provided by firebase
Create private key
Associated to the same primary app ID as the service ID
Downloaded the key and placed it's content in firebase
Added the team ID and key ID
Setup client to use new OAuthProvider with redirects to Apple signin
Is there a tool for validating redirect urls or location with logs to help me debug which part of my redirect Url is incorrect?
Thanks
Post not yet marked as solved
After signup via Apple Signup method in my Flutter app, it retrieves only First Name and Last Name, this was done by separating the full name given by the Apple signup divided into two, and populated it among the First Name and Last Name text boxes. In the same screen there is a date selector to select the birthday and 3 buttons to choose gender between Male, Female and Other. When I submitting to this app for AppStore it was rejected several time.
This is the last message given by App Store Review -
Hello,
Thank you for your efforts to follow our guidelines.
When registering with Sign in with Apple, your app still asks for First name, Last name, Birthday and Gender.
First name and last name fields can be auto populated.
Please note that birthday and gender fields are not directly related to the core functionality of the app.
If you need more help, please kindly refer to App Store Connect Developer Help.
Guideline 4.0 - Design
Your app still requires users to provide their name, birthday and gender after using Sign in with Apple. This information is already provided by the Authentication Services framework.
Next Steps
Please revise the Sign in with Apple experience in your app to address the issues we identified above.
What is the solution for this?
If this is accepted when full name is displaying after signup in a seperate screen and birthday and gender in a seperate screens?
Please guide me through this to be accepted my app by App Store Review.
Thanks
Post not yet marked as solved
Migrate existing Sign in with Apple user identifiers and private email relay addresses by exchanging transfer identifiers from one developer team to another with the user migration info endpoint.
View Technote TN3519 >
Post not yet marked as solved
I use apple sign on web using the URL
https://appleid.apple.com/auth/authorize?response_type=code%20id_token&client_id=com.outblaze.mindfuloceanmeta-siwa&redirect_uri=https://api.mindful-ocean.org/mindfulapi/appleauth&cancel_uri=https://www.yahoo.com&state=5f510c9e6b&scope=name email&response_mode=form_post
when it comes to this stage and press "cancel", it redirect me to an invalid url. Where can i configure the URL for the cancel button?
Post not yet marked as solved
Will I be able to communicate, with users that opted to Sign In with Apple to my app, using the private email relay service, after I remove app from App Store?
Post not yet marked as solved
Hello,
I'm trying to migrate Apple Signed in users from one account to another during a migration.
I followed every step in this documentation https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret, and my save algo works for the old account but when I try to get the team identifier for the new account I'm getting this error
Response Code 400
{"error":"invalid_client"}
Generated JWT token for reference:
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IkpRWlY1VENUTTcifQ.eyJpc3MiOiI3MzVBSzlGVVYzIiwiaWF0IjoxNzA0NDU2MTc5LCJzdWIiOiJjb20ud2lsZGxpZmVzdHVkaW9zLmFma3NvY2NlciIsImV4cCI6MTcwNDQ1NjIwOSwiYXVkIjoiaHR0cHM6Ly9hcHBsZWlkLmFwcGxlLmNvbSJ9.iv3YPtOzcJxby2Zj-gCXkJEUmoh66DJ096Z3FlfjL2-u3dgVPZtcClhLnuUDPxOARUktYbH2XCJfM9wsusid0Q
{'typ': 'JWT', 'alg': 'ES256', 'kid': 'JQZV5TCTM7'}
{'iss': '735AK9FUV3', 'iat': 1704456179, 'sub': 'com.wildlifestudios.afksoccer', 'exp': 1704456209, 'aud': 'https://appleid.apple.com'}
Post not yet marked as solved
I am an SDK developer and would like to know about code signing requirements that developers must support by Spring 2024.Please answer the following questions.
1.
According to various websites, I understand that code signing is mandatory for SDKs that fall under the Privacy-Impacting SDKs category and must be supported.
Is that correct?
2.
If we submit an application to the Store that incorporates an SDK that requires code signing but has not been code signed, we will receive an email stating that the application will be subject to rejection from the fall of 2023.
Is that correct?
Post not yet marked as solved
Hello,
I have implemented "Sign in with Apple" in my app. After the user sign in the user have to fill some personal details like first name and last name, birthday etc. Unfortunately I didn't know that the first and last name has to be taken over from the users apple account, which the app reviewer told me to implement this feature. Now I did it and it works with a completely new account like expected. But it doesnt work for accounts which already signed in to the app, because apple provides only on the intital sign up the name of the user, which I save in the database afterwards. I told the reviewer that he/she has to reset its account (to revoke the connection to my app) or use a different account because he already signed up for the account, but the review doesn't want to do it, because it has to work without resetting the account. Unfortunatley there is no other solution.
Does anyone has an idea how to solve this issue?
Here is the anwer of the reviewer:
"Hello,
Regarding 4.0, Sign in with Apple provides sign-in information and is intended to be a self-contained, all-in-one login system.
To resolve this issue, it would be appropriate to revise the Sign in with Apple experience in your app to address the issues we identified above.
We look forward to reviewing your resubmitted app.
Best regards,
App Store Review"
Post not yet marked as solved
I have tried to add sign in with apple to my website but i have a problem when I click the sign in with apple button
I get this error
Invalid Client Id
Can anyone please tell me what is the correct way to add sign in with apple?
Post not yet marked as solved
This is the follow up to this post post
Tinder walkaround requires alot of extra work -> sending confirmation e-mail & handling that and all the cases.
Apple should realy make that optional!
As an example for my application option to sign in anonymously is not "best user experience" as a user is added to the "group" trough email and if by missatke he/she login with annonymus account
and try to sign out to try sign in with normal account the option of choosing "normal" email will not be longer available.
Then they need to go trough iphone settings and clear that (which no one acctuelly knows abbout)!
There are some fixes where one can "revokeTokenWithAuthorizationCode" when signing out but those are just "fixes" that makes everything ugly.
So dear apple the logic that this is for the "best user experience" does not hold for every application so that should be reconcidered, please!
Post not yet marked as solved
We'll be switching our application from being available for anonymous users to requiring login.
We only have social logins so no email + pw method. FB, Google and as per Appstore requirements Apple ID.
I know that the review process requires testers to be able to login, but I couldn't find any concrete information if having Apple ID is enough?
I also couldn't find a way to create test accounts for Apple ID production mode, only for sandbox which as far as I know isn't enough for the testers as they need to be able to test the production application.
Post not yet marked as solved
I am trying to get Sign in with Apple working for my app. I'm unable to to get onCompletion called. It randomly works when I exit Xcode or restart my Mac. Is this a known bug or maybe I am doing something wrong? I have my Sign In credentials too. Thank you for all the help!
SignInWithAppleButton(.signIn) { request in
withAnimation {
isSigningIn = true
}
request.requestedScopes = [.fullName, .email]
} onCompletion: { result in
print("APPLE SIGN IN")
appleSignInHandler.onCompletion(result, showErrorSigningIn: $showSignInError) { attributes, oauthToken in
loginHandler.commonSignIn(
profileManager: profileManager,
withProfileAttributes: attributes,
oauthToken: oauthToken,
goToHome: $goToHome,
showInvitationSheet: $showInvitationSheet,
showSignInError: $showSignInError
)
}
}
Post not yet marked as solved
Hello community,
In our application, we've implemented Apple ID for user authentication. Unfortunately, we forgot to register the associated domains and communication email addresses. This oversight has led to complications in email delivery via the private relay service.
We've taken steps to fix the issue by reconfiguring the domains and communication email addresses. Post-adjustment, new user registrations are functioning properly. However, for users who registered before this fix, the problem persists.
We followed the instructions provided on https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/communicating_using_the_private_email_relay_service, and we also have SPF configured, which has passed validation in our administration.
Has anyone encountered a similar issue, and if so, how did you resolve it? Any insights or guidance would be greatly appreciated.
Post not yet marked as solved
Hello,
I have created a Swift app which has Apple Sign In integrated with it. We now want to add Apple Sign In to a web app but can't seem to find enough documentation on how to do this. We have followed the instructions at https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple and have ended up with a script like so:
<head>
<meta name="appleid-signin-client-id" content="colourworker.SPAD">
<meta name="appleid-signin-scope" content="name email">
<meta name="appleid-signin-redirect-uri" content="https://colourworker.com/apps/photofolia/applesignedin.html">
<meta name="appleid-signin-state" content="init">
<meta name="appleid-signin-nonce" content="NONCE">
<meta name="appleid-signin-use-popup" content="true">
</head>
<body>
<h1>Sign in with Apple</h1>
<div id="appleid-signin" data-color="black" data-border="true" data-type="sign in"></div>
<script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script>
</head>
</html>
But have we populated the client-id, state, and NONCE correctly? When clicking on the Sign In with Apple button we get the error in this screenshot:
I look forward to hearing from someone.
Kind regards,
Miguel
Post not yet marked as solved
Hello everyone! I have a question (issue). I need to write a test for an app, and everything is okay with my tests, but I need to test login with an Apple ID, and I don't want to use my private Apple ID because I plan to post this test on GitHub. Is there any possibility to create, for example, a dummy Apple ID account? Or how do developers typically handle this situation?
Post not yet marked as solved
I am attempting to use sign in with apple id based on the documentation at https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms
My authorization url ishttps://appleid.apple.com/auth/authorize?client_id=REDACTED&redirect_uri=REDACTED&response_type=code&response_mode=form_post&scope=name%20email
The response data does not contain the documented "user".. The post data contains only "state" and "code" params.
Is there something else which must be done with the authorization url? Is there something which must be configured for the app?